Disclaimer

The content of this blog is intended for informational purposes only. It is not intended to solicit business or to provide legal advice. Laws differ by jurisdiction, and the information on this blog may not apply to every reader. You should not take, or refrain from taking, any legal action based upon the information contained on this blog without first seeking professional counsel.

Does the Computer Fraud Act Apply to ‘Dumbphones’?

While this Court does not disagree that unwanted text messages, like spam e-mail, are an annoyance, whether receipts of such messages can establish a civil action under the CFAA is, of course, a different question.

Anti-spam (e-mail and text) lawsuits and legislation are legion: a flurry of Federal and state laws govern junk e-mails and texts. This post briefly discusses one case which examined whether sending unwanted texts can subject the texter to Federal Computer Fraud liability.

In Czech v. Wall Street on Demand, 674 F.Supp. 1102 (N.D. Minn. 2009) a Minnesota plaintiff (representing a proposed class of spam texts recipients) was so fed up with unwanted texts that she literally made a Federal case out of it. She sued in Minn. District Court under the Computer Fraud and Abuse Act, 18 U.S.C. s. 1030 et seq. (CFAA) after receiving unsolicited texts from an online trading company that mass-texted financial information to phone numbers in its database. The Court granted the defendant’s 12(b)(6) motion to dismiss the Complaint.

The basis for the court’s dismissal was that the plaintiff – who owned a cellphone which only made and received calls and texts (colloquially, a “dumbphone”) – was unable to show (1) that defendant obtained information from plaintiff’s phone; or (2) that defendants intentionally tried to damage plaintiff’s phone; or (3) any statutory “damage” or “loss” due to the unwanted texts. Id. As noted in an earlier post, damage and loss are terms of art under the CFAA: damage denotes physical damage to a computer or data; while loss refers to the monetary expense incurred in ameliorating a CFAA violation. See http://paulporvaznik.com/eagle-i-hijacking-a-linkedin-account-and-the-computer-fraud-act/803(discussion of CFAA damage and loss under 18 U.S.C. s. 1030(e)).

While the Czech Court ultimately dismissed the plaintiff’s CFAA claims, it also applied the CFAA’s expansive definition of “computer” by acknowledging that the plaintiff’s no-frills cell phone qualified as a “computer” under the CFAA. 674 F.Supp.2d at 1107 (“there is no dispute that [plaintiff’s] cell phone (as well as the various similar wireless devices used by the proposed class members) would constitute…a ‘computer’ as further defined in [the CFAA]). The CFAA defines a computer as any high-speed data processing device performing logical, arithmetic and storage functions – but that is not a calculator or typewriter. 18 U.S.C. s. 1030(e)(1). The 8th Circuit Court of Appeals also held that a cell phone that only made calls and texts qualified as a protected computer under the CFAA in a criminal case setting in U.S. v. Kramer, 631 F.3d 900 (8th Cir. 2011)(defendant used cell phone to entice minor across state lines to engage in criminal sexual conduct).

Declining to extend the Act to unwanted texts, the Czech Court stated succinctly that unwanted texts may be annoying, but they do not give rise to CFAA civil liability: “An annoyance? Quite possibly. The basis for a civil action under [the CFAA]? The Court thinks not.” 674 F.Supp.2d at 1105.

Take-away: Czech provides a very detailed analysis of CFAA information (defendant obtained information from a protected computer) transmission (defendant transmitted a virus or worm that damaged plaintiff’s computer), and access (defendant accessed plaintiff’s computer and caused damage or loss to plaintiff)claims. All three of these claims are predicate acts under CFA sections 1030(a)(2)(C), (a)(5)(A) and (a)(5)(C). The Court describes the elements and the damage and loss requirements for each of the three claims. The Court also engages in an intricate and interesting (at least I think so) discussion of the difference between obtaining information from a plaintiff’s website as opposed to a plaintiff’s cell number. But for this post’s purposes, the case is representative of the CFAA’s expansive definition of a “protected computer” and shows that virtually any mechanical device, wired or not, will qualify for coverage under the statute.